Merge pull request #1 from hardening-io/profile

Add profile.conf configuration
dev-sec · May 11, 2015 · fd995bf · fd995bf
2 parents fd84415 + e097f02
commit fd995bf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/roles/ansible-os-hardening/tasks/main.yml b/roles/ansible-os-hardening/tasks/main.yml
@@ -12,6 +12,10 @@
 - name: create securetty
   template: src='securetty.j2' dest='/etc/securetty' owner=root group=root mode=0400
 
+- name: create profile.conf
+  template: src='profile.conf.j2' dest='/etc/profile.d/pinerolo_profile.sh' owner=root group=root mode=0750
+  when: not os_security_kernel_enable_core_dump
+
 - name: minimize access
   file: path='{{item}}' mode='go-w' recurse=yes
   with_items:

diff --git a/roles/ansible-os-hardening/templates/profile.conf.j2 b/roles/ansible-os-hardening/templates/profile.conf.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+# Disable core dumps via soft limits for all users. Compliance to this setting is voluntary and can be modified by users up to a hard limit. This setting is a sane default.
+ulimit -S -c 0 > /dev/null 2>&1